Giter Club home page Giter Club logo

docker's Introduction

shadowban.dev

Quickstart: Install mkcert, node.js and run ./manage init

$ mkdir shadowban-eu; cd $_
$ git clone https://github.com/shadowban-eu/docker ./docker; cd $_
$ ./manage init

Windows users, please install a bash shell! The emulation of git for windows works fine.


The compose file ./docker-compose.yml creates a network (shadowban-dev_common) with mongo (db), nginx (www), frontend (pwa) and testing containers.

host: shadowban-db
image mongo
ports 127.0.0.1:27017:27017
config ./env/mongo.env
shadowban-www
image www/. (nginx:alpine)
ports 127.0.0.1:80:80 (http)
127.0.0.1:443:443 (https)
config www/nginx.conf
www/sites-/*
www/ssl/**/(key|cert).pem
logs ./logs/nginx/
shadowban-testing
image ../testing/. (python:3.7-slim-buster)
config ./env/testing.env
logs ./logs/testing/
shadowban-pwa
image ../pwa/. (node:slim)
config ./env/pwa.env
shadowban-timeline-termination
image ../timeline-termination/. (node:slime)
config ./env/timeline-termination.env
logs ./logs/timeline-termination/

manage

Usage: ./manage [init|mkcert <domain>|*] [-b <branch>] [-d <uri>] [-h]
Setup and manage shadowban.eu development docker containers

Depends:
  docker >=18.0.9, docker-compose >=1.25, [mkcert]

Managing commands:
  init              Clones all services, builds images,
                    sets up SSL, etc.
  dev <service>     Run <service> in foreground and all other services detached.
  mkcert <domain>   Creates a new SSL cert/key pair for <domain>

Managing options:
  -g <uri>          Base URI for repositories to clone from
                    e.g. https://github.com/shadowban-eu/
  -b <branch>       Branch name to check out; default: master
  -h                You're looking at it.

Other:
  *                 All other arguments are passed to docker-compose
                    e.g. './manage help' to see the docker-compose help
# Bring up containers
# [-d] detach from your terminal process
./manage up [-d] (db|pwa|testing|timeline-termination|www)

# Stop a service
./manage stop (db|pwa|testing|timeline-termination|www)

# Bring all services down (stop and destroy)
# This will wipe your DB!
./manage down

# Execute command inside of running container
./manage exec (db|pwa|testing|timeline-termination|www) <CMD>
# e.g. reload nginx configs
./manage exec www nginx -s reload

SSL certificate

mkcert

Install mkcert and generate/install the CA certificate. You probably want to restrict the automatic installation to browsers, setting $TRUST_STORES to nss.

TRUST_STORES=nss mkcert -install

Finish the SSL setup by creating a certificate for shadowban.dev

mkcert \
  -key-file ./www/ssl/shadowban.dev/key.pem \
  -cert-file ./www/ssl/shadowban.dev/cert.pem \
  shadowban.dev *.shadowban.dev

# or use ./manage
./manage mkcert shadowban.dev

You can use any other way to generate your cert/key pair. Just copy both .pem files somewhere into ./www/ssl/ and reference them in your host config.

The server is already set up for shadowban.dev. The next section describes how to add new domains.

Server

Suppose you want the PWA to respond on shadow-ban.dev.

Start by generating the SSL certificate and key

./manage mkcert shadow-ban.dev

The path ./www/ssl is mounted to /etc/nginx/ssl and can be referenced in configs relative to /etc/nginx.

For our example:

# The certificate you just created...
<project_root>/docker/www/ssl/shadow-ban.dev/cert.pem

# is mounted inside the container...
/etc/nginx/ssl/shadow-ban.dev/cert.pem

# and can be used in host configs with a relative path
ssl_certificate ssl/shadow-ban.dev/cert.pem;

Now copy ./www/sites-enabled/shadowban.dev to ./www/sites-enabled/shadow-ban.dev and change the paths to ssl_certificate and _key, as well as $DOMAIN and $server_name.

  server {
    set $DOMAIN 'shadow-ban.dev';
    # name and port of the frontend container
    set $PWA_ADDRESS 'shadowban-pwa';
    set $PWA_PORT '3000';

    server_name shadow-ban.dev;
    listen 80;
    listen 443 ssl; # remove the default_server, here
    ssl_certificate ssl/shadow-ban.dev/cert.pem;
    ssl_certificate_key ssl/shadow-ban.dev/key.pem;

    ...
  }

All that's left is to reload the nginx configs

./manage exec www nginx -s reload

Client

No need to do any of this, if you are using mkcert and the installation didn't fail.

Go to your browser settings (e.g. brave://settings/certificates) and add the mkcert rootCA.pem to your "Authorities". You can get its location with

mkcert -CAROOT

When asked, select the "identifying websites" option. The mkcert root certificate - which you use to sign the certificates for domains - is now in the list, named "org-mkcert development CA". From now on, all certificates generated with mkcert are accepted by your browser.

Also have a look at the advanced topics in the mkcert README!

Known Issues

net::ERR_BLOCKED_BY_CLIENT

If, despite the browser seeing a valid certificate, the page is blank and all other requests are blocked with a net::ERR_BLOCKED_BY_CLIENT error, try disabling all ad blocking extensions! Brave's built-in "Shields" for example blocks everything.

docker's People

Contributors

rbeer avatar

Stargazers

45739847 avatar Takehiro Ogura avatar  avatar tsukumi avatar aiya000 avatar  avatar E.C avatar

Watchers

James Cloos avatar  avatar

Forkers

forkoooor

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.